
Create Superuser who can access more than one Schema in oracle 11G

I have two schemas, Schema-1 and Schema-2. I want to create one superuser who can access both schemas (Schema-1 and Schema-2).

I want to create a user with a command in Oracle 11g. Is it possible?

Such a user already exists; it is called SYS, who owns the database. Though, it is not a very good idea to use it for daily jobs - you'd rather (as you wanted) create your own "superuser" who is capable of doing such things. For example:

SQL> connect sys as sysdba
Enter password:
Connected.
SQL> create user superuser identified by superman;

User created.

SQL> grant dba to superuser;

Grant succeeded.

OK, let's try it:

SQL> connect superuser/superman
Connected.
SQL> select count(*) From scott.emp;

  COUNT(*)
----------
        14

SQL> select table_name from dba_tables where owner = 'MIKE';

TABLE_NAME
------------------------------
EMP
DEPT
BONUS
SALGRADE
DUMMY
ABC

6 rows selected.

SQL> select * from mike.abc;

       KEY         ID        SEQ THINGS     DESCR
---------- ---------- ---------- ---------- ----------
         1          1          0 Food       Chicken
         2          1          1 Cars       BMW
         3          1          2 Sport      Soccer
         4          2          0 Food       Mutton
         5          2          1 Cars       Ford
         6          2          2 Sport      Tennis

6 rows selected.

SQL>

Now, is DBA the right role for that user, I can't tell. Maybe it is not, so perhaps you'd rather grant only the required set of privileges. Which set is it, I can't tell either.

Maybe it would be enough to grant e.g. select privileges to superuser for both schema1 and schema2 users' tables. Though, you can't do that in a single command - you'd have to do it separately for each user and for each of their tables (which means a lot of grant select statements). Let's try it:

SQL> connect sys as sysdba
Enter password:
Connected.
SQL> revoke dba from superuser;

Revoke succeeded.

SQL>

It is a boring job writing statement-by-statement, so I'll write code to write code for me:

SQL> select 'grant select on ' || owner ||'.' ||table_name || ' to superuser;' str
  2  from dba_tables
  3  where owner in ('SCOTT', 'MIKE')
  4  order by owner, table_name;

STR
--------------------------------------------------------------------------------
grant select on MIKE.ABC to superuser;
grant select on MIKE.BONUS to superuser;
grant select on MIKE.DEPT to superuser;
<snip>
grant select on SCOTT.TEST_B to superuser;
grant select on SCOTT.TEST_D to superuser;

26 rows selected.

SQL>

OK; now copy/paste the above grant statements and run them.

SQL> grant select on MIKE.ABC to superuser;

Grant succeeded.

SQL> grant select on MIKE.BONUS to superuser;

Grant succeeded.

SQL> grant select on MIKE.DEPT to superuser;

Grant succeeded.

<snip>

SQL> grant select on SCOTT.TEST_B to superuser;

Grant succeeded.

SQL> grant select on SCOTT.TEST_D to superuser;

Grant succeeded.

SQL>

Does it work?

SQL> connect superuser/superman
ERROR:
ORA-01045: user SUPERUSER lacks CREATE SESSION privilege; logon denied


Warning: You are no longer connected to ORACLE.
SQL>

Aha! Not just yet! Revoking DBA revoked a large set of privileges, so superuser now exists as a user, but can't do anything. So, let's let it connect to the database:

SQL> connect sys as sysdba
Enter password:
Connected.
SQL> grant create session to superuser;

Grant succeeded.

SQL> connect superuser/superman
Connected.
SQL> select * From scott.dept;

    DEPTNO DNAME          LOC
---------- -------------- -------------
        10 ACCOUNTING     NEW YORK
        20 RESEARCH       DALLAS
        30 SALES          CHICAGO
        40 OPERATIONS     BOSTON

SQL> select * From mike.abc;

       KEY         ID        SEQ THINGS     DESCR
---------- ---------- ---------- ---------- ----------
         1          1          0 Food       Chicken
         2          1          1 Cars       BMW
         3          1          2 Sport      Soccer
         4          2          0 Food       Mutton
         5          2          1 Cars       Ford
         6          2          2 Sport      Tennis

6 rows selected.

SQL>

Right; much better. That's what I meant by saying "grant only required set of privileges"; don't grant more privileges than someone really needs.
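The same least-privilege setup can be scripted instead of copy/pasted. The following is an added example, not part of the original answer: it issues the per-table grants from a PL/SQL loop into a role and then lists what the account ends up holding. The role name `two_schema_reader` is hypothetical; `SCOTT`, `MIKE` and `superuser` are the accounts used in the answer.

```sql
-- Added example; run as SYS or another DBA account.
-- TWO_SCHEMA_READER is a hypothetical role name; SCOTT, MIKE and SUPERUSER
-- are the accounts used in the answer above.
SET SERVEROUTPUT ON

CREATE ROLE two_schema_reader;

BEGIN
  FOR t IN (SELECT owner, table_name
              FROM dba_tables
             WHERE owner IN ('SCOTT', 'MIKE')
               AND dropped = 'NO'          -- skip recycle-bin entries
             ORDER BY owner, table_name)
  LOOP
    BEGIN
      -- ENQUOTE_NAME double-quotes each identifier, so mixed-case or odd
      -- table names cannot change the shape of the generated statement.
      EXECUTE IMMEDIATE
        'GRANT SELECT ON '
        || DBMS_ASSERT.ENQUOTE_NAME(t.owner, FALSE) || '.'
        || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
        || ' TO two_schema_reader';
    EXCEPTION
      WHEN OTHERS THEN
        -- Report tables that cannot be granted and carry on with the rest.
        DBMS_OUTPUT.PUT_LINE('skipped ' || t.owner || '.' || t.table_name
                             || ': ' || SQLERRM);
    END;
  END LOOP;
END;
/

GRANT CREATE SESSION TO superuser;
GRANT two_schema_reader TO superuser;

-- Audit what SUPERUSER actually holds after the change.
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'SUPERUSER';
SELECT granted_role FROM dba_role_privs WHERE grantee = 'SUPERUSER';
SELECT owner, privilege, COUNT(*) AS objects
  FROM dba_tab_privs
 WHERE grantee = 'TWO_SCHEMA_READER'
 GROUP BY owner, privilege
 ORDER BY owner, privilege;
```

Tables created in either schema later are not covered until the block is run again. Privileges held through a role are also not active inside definer's-rights stored procedures owned by superuser.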
